Topics In Demand
Notification
New

No notification found.

Blog
3 tips to avoid coronavirus phishing attacks

May 4, 2020

239

0

The coronavirus (COVID-19) pandemic is rising day by day. The global death toll has passed 207 K, as on the day of writing this article, and the numbers are still growing. In this period of crisis, the hackers are all set to take advantage of the vulnerabilities that arise due to employees using their own devices, remote working, and more to steal data and money through ransomware.

In the past few weeks, there has been a rise in coronavirus related phishing emails. According to the security firm, Barracuda Networks, there were a total of 467,825 spear-phishing email attacks detected between March 1 and March 23, out of which, 9,116 were related to coronavirus.

So, how does a phishing attack work? Hackers send emails appearing to be from legitimate organizations sharing details and information about coronavirus.

How does a phishing email look like?

Attackers send emails containing malicious links or attachments. The message seems to have an important information and asks you to click on a link or open an attachment. If you click on any of them, you are likely to load a malicious software in your device.

Below is an example of scam email impersonating World Health Organization (WHO).

Phishing attacks
Source: BBC News

 

Another example below targets enterprises for payment.

Phishing attacks
Source: BBC News

 

Why phishing attacks rise during a crisis?

Phishing attacks

Attackers depend on deception. To achieve success, they create messages that generate a sense of urgency encouraging the recipients to click on links and share sensitive information. Crisis like COVID-19, give those attackers a great opportunity to cause significant damage.

During an emergency, people are looking for information, they are seeking directions from the government or other relevant authorities. When they receive a message appearing to be from reliable sources, they are more likely to fill in the blanks, click on links or download attachments. One such action, and later, the victim’s system is infected, and account is compromised.

As per an Acronis blog, “Now that individuals are deeply stressed, cybercriminals are using every angle of attack, including playing on the natural fear of COVID-19 and the desperate search for information. In the last two weeks, Acronis has seen a significant increase in cryptojacking, while ransomware attacks are growing rapidly as well.”

3 tips to avoid coronavirus phishing attacks 1

The number of users affected by cryptojackers grew significantly in the last couple of weeks.

Presently, there is chaos and fear amongst people due to the coronavirus pandemic. This is exposing new pathways for cyber criminals to prey on the vulnerable victims.

How to avoid phishing attacks in three steps

Just as you deal with the actual coronavirus, you can deal with the spread of scams by keeping yourself protected. Here are a few steps to keep you safe:

#1 Keep a check on communications from sources you don’t trust

These are possibly phishing attempts. During remote working at the time of pandemic, the many messages that we receive combined with the work pressure can lower our guards and we tend to open emails and click on links from trustworthy-looking organizations.

As a general rule, scrutinize messages from sources you don’t get regularly. For example, be aware of messages from unknown senders, or people from your organization like CEO, who do not usually communicate directly with you.

An example of such email received in our organization, that seems to be from our CEO, but is not.

3 tips to avoid coronavirus phishing attacks 2

#2 Build a strong cybersecurity awareness program

You can use cyber protection solutions like Acronis to avoid getting harmed from phishing attacks. In addition, organize security training programs from time to time.

Develop behaviours so employees know the indicators of a phishing attempt along with what they can do when they become a victim of it.

For example, the IT and security team can regularly distribute harmless phishing emails to employees and check how they react to it. Anybody that falls under it should be sent follow up emails explaining how they fell for the phishing attacks, what they could do instead, and reminding them to be more careful next time. Other tips to share with your employees can include checking spelling errors in emails, browsing online safely, and so on.

Along with this, it is important to check the risk presented by employees in and around your organization.

#3 Plan a new approach of cyber protection

Many cybersecurity strategies are centered around execution of defensive measures to protect a perimeter. Nowadays, phishing attacks are typically carried out with the help of artificial intelligence to bypass these perimeters and gain access to main systems or business processes.

In this situation, an advanced ransomware protection solution is important that focuses also on the data and not just the perimeter. This will provide safety to your organization’s devices against the most destructive types of malware that uses phishing scams for ransomware.

Acronis is one such solution. With Acronis by ZNetLive, you can protect data in Exchange Online (including In-Place Archives), OneDrive for Business and SharePoint Online. With Acronis Active Protection, you can stop ransomware with the backup industry’s most advanced, AI-based anti-ransomware technology.

Acronis Backup solution supports Windows, Mac, Microsoft Hyper-V, Linux KVM, VMware vSphere, Red Hat Enterprise, Amazon EC2, Azure VMs, Office 365, SharePoint, SQL Server, and many more.

If someone falls for a phishing scam in an organization, a cybersecurity solution like this can save business from damaging data loss and downtime.

Let’s all work together to stop the spread of scams like these, stay smart and stay safe!

Let us know what you do to avoid phishing attacks? Do you have a solution in place? We have experts to help you!


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


ZNet Technologies Private Limited, incorporated in 2009, is a cloud services provider offering cloud infrastructure and managed services to partners and end customers across the globe with a primary focus on India. We empower 90k+ websites.

© Copyright nasscom. All Rights Reserved.